[PATCH] libosmocore[master]: gb: optionally allow nsip packets only from a specific host

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Tue Oct 17 13:31:53 UTC 2017 

Review at  https://gerrit.osmocom.org/4317

gb: optionally allow nsip packets only from a specific host

When listening for nsip connections is enabled, then every remote
host may send packets. This is useful for an SGSN that serves
multiple PCUs, but contraproductive for a PCU that awaits packets
from a single SGSN.

Add struct members remote_ip, and remote_port to struct gprs_ns_inst,
when set, then the listening end uses connect() to ensure that only
the expected host may send packets.

Change-Id: Ifeb201d9006eec275a46708007ff342cdfc14e45
---
M include/osmocom/gprs/gprs_ns.h
M src/gb/gprs_ns.c
2 files changed, 33 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/17/4317/1

diff --git a/include/osmocom/gprs/gprs_ns.h b/include/osmocom/gprs/gprs_ns.h
index 938ad99..66e3d9e 100644
--- a/include/osmocom/gprs/gprs_ns.h
+++ b/include/osmocom/gprs/gprs_ns.h
@@ -88,6 +88,8 @@
 		struct osmo_fd fd;
 		uint32_t local_ip;
 		uint16_t local_port;
+		uint32_t remote_ip;
+		uint16_t remote_port;
 		int dscp;
 	} nsip;
 	/*! NS-over-FR-over-GRE-over-IP specific bits */
diff --git a/src/gb/gprs_ns.c b/src/gb/gprs_ns.c
index d20ed23..f60a2a7 100644
--- a/src/gb/gprs_ns.c
+++ b/src/gb/gprs_ns.c
@@ -1561,15 +1561,43 @@
 int gprs_ns_nsip_listen(struct gprs_ns_inst *nsi)
 {
 	struct in_addr in;
+	struct in_addr remote;
+	char remote_str[INET_ADDRSTRLEN];
 	int ret;
 
 	in.s_addr = osmo_htonl(nsi->nsip.local_ip);
+	remote.s_addr = osmo_htonl(nsi->nsip.remote_ip);
 
 	nsi->nsip.fd.cb = nsip_fd_cb;
 	nsi->nsip.fd.data = nsi;
-	ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
-				 IPPROTO_UDP, inet_ntoa(in),
-				 nsi->nsip.local_port, OSMO_SOCK_F_BIND);
+
+	if (nsi->nsip.remote_ip && nsi->nsip.remote_port) {
+		/* Only the configured remote end may connect */
+		snprintf(remote_str, sizeof(remote_str), "%s",
+			 inet_ntoa(remote));
+		ret =
+		    osmo_sock_init2_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
+					IPPROTO_UDP, inet_ntoa(in),
+					nsi->nsip.local_port, remote_str,
+					nsi->nsip.remote_port,
+					OSMO_SOCK_F_BIND | OSMO_SOCK_F_CONNECT);
+
+		LOGP(DNS, LOGL_NOTICE,
+		     "Listening for nsip connection from %s:%u on %s:%u\n",
+		     remote_str, nsi->nsip.remote_port, inet_ntoa(in),
+		     nsi->nsip.local_port);
+	} else {
+		/* Everyone may connect */
+		ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
+					 IPPROTO_UDP, inet_ntoa(in),
+					 nsi->nsip.local_port,
+					 OSMO_SOCK_F_BIND);
+
+		LOGP(DNS, LOGL_NOTICE,
+		     "Listening for nsip connection on %s:%u\n",
+		     inet_ntoa(in), nsi->nsip.local_port);
+	}
+
 	if (ret < 0)
 		return ret;
 

-- 
To view, visit https://gerrit.osmocom.org/4317
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifeb201d9006eec275a46708007ff342cdfc14e45
Gerrit-PatchSet: 1
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: dexter <pmaier at sysmocom.de>

More information about the gerrit-log mailing list